Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

Less than a month after its last set of security updates, Apple released a new set of security patches for both iOS and macOS on April 24.

For its iOS mobile operating system, Apple has released version 11.3.1; on the desktop, the update is identified as Security Update 2018-001 for macOS High Sierra 10.13.4. For iOS, Apple patched a total of four vulnerabilities, while patching two issues in macOS, with an additional two patches in the Safari 11.1 browser update.

Among the most impactful issues is one identified as CVE-2018-4187, which is a flaw in the LinkPresentation component in both iOS and macOS.

Further reading

"Processing a maliciously crafted text message may lead to UI spoofing," Apple warns in its advisory. "A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation."

Although Apple's advisory provides few details, the actual spoofing issue was in the in QR code reader capabilities. On March 24, security researcher Roman Mueller publicly reported the flaw, which he labeled as a QR code URL parser bug. According to Mueller, both the URL parser in iOS and the one used in macOS were able to be manipulated to show a different hostname in the notification window for a QR code scan than what actually is opened in Safari.

Memory Corruption

Apple also patched multiple memory corruption issues that impact iOS and macOS. Two of the memory corruption issues were reported to Apple by security researchers from Google's Project Zero research team.

"An application may be able to gain elevated privileges," Apple warned in its advisory for CVE-2018-4206. "A memory corruption issue was addressed with improved error handling."

The other memory corruption issues—including CVE-2018-4200 and CVE-2018-4204—were all found in Apple Safari and impact both iOS and macOS. According to Apple, the issues identified in both of the WebKit related memory corruption issues are that processing maliciously crafted web content may lead to arbitrary code execution.

The new Apple releases are the fifth set of security patches to be released by Apple so far in 2018. The previous set of updates was released on March 29, with the iOS 11.3 and MacOS 10.13.4 updates that patched a critical keylogging vulnerability.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.